Microsoft 365 Administrator — Question 118

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

Answer options

• A. Compliance Administrator
• B. Security Reader
• C. Reports Reader
• D. User Administrator

Correct answer: B

Explanation

The correct answer is B, Security Reader, as this role allows User1 to view the risk-related information in Azure AD Identity Protection without granting unnecessary permissions. The other roles, such as Compliance Administrator and User Administrator, provide broader access than necessary, while Reports Reader does not include the ability to view risk assessments.